[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6251) GnuTLS cipher suite failure



Full_Name: Quanah Gibson-Mount
Version: 2.4.17
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)


Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=541256

OpenLDAP+gnutls worked fine for me for more than a year, but now I have
TLS problems again. It started on my unstable client when libnss-ldap
reported:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1

Then I upgraded gnutls and ldap on my server from lenny to unstable and
now even slapd doesn't start:

TLS: could not set cipher list TLS_RSA_AES_256_CBC_SHA1.
main: TLS init def ctx failed: -1

If I comment out line which defines cipher:

TLSCipherSuite     TLS_RSA_AES_256_CBC_SHA1

it works again.

$ gnutls-cli -l|grep TLS_RSA_AES_256_CBC_SHA1
TLS_RSA_AES_256_CBC_SHA1     0x00, 0x35      SSL3.0

...so I don't see why it shouldn't work.